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- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
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2a )^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 10-12. 14. 17 and 20-25 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
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DETAILED ACTION 



1. 



This correspondence is in response to REMARKS filed on 1 1/17/2009. 



2. 



Claims 10-12, 14, 17 and 20-25 are pending. 



Claim Rejections - 35 USC §103 



3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 10-12, 14, 17 and 20-25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
" Bahl " et al. (US 7,020,464 B2) in view of " Colie " (US 6,108,300) 

As per Claim 10 , Bahl teaches, 

A method for maintaining secure network connections, the method comprising: duplicating [see 
'migrating' in abstract; and for example, col. 2, lines 39-45], at the third network element [see FIG. 6; 
'new mobile address' in abstract; and for example, col.6, lines 35-54. See also 'computer-readable 
medium' in Claim 1, which ' handles address change of a mobile host communicating with a 
correspondent '], a security association [see for example Security Associations 86 and 84 in FIG.2; and 
see also IPSEC/ISKAMP SAs in FIG. 3] associated with a secure network connection between a first 
network element [see for example Mobile Host 70 and 120 in FIGS.2 and 3, respectively] and a second 
network element [see for example Correspondent Host 72 and 122 in FIGS.2 and 3, respectively], 
wherein a lookup of the security association associated with the secure network connection [see FIG.2] 
is not dependent on any destination address [see for example, col.1 1 , lines 45-47: "All traffic over the 
"migrated" connection now uses the new IP address of the mobile host and is secured using the same 
security association context as before." In other words, Bahl expressly discloses not changing the SA 
lookup when a mobile host changes from old to new address. Additionally, Bahl discloses 'secured 
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control channel 96'; and SA end points that are not dependent on any destination address; see for 
example, FIGS.2, 4A and 4B], wherein the secure network connection between the first network element 
and the third network element is based on the duplicated security association [see for example, col.2, 
lines 39-45; col. 6, lines 33-34 and col. 6, lines 44-47]. 

As shown above, Bahl mitigates (or duplicates) SA at the new mobile address [see abstract and 
Claim 1]; however, Bahl is silent about the third network element as being a server, and replacing the 
second network element with the third network element in the secure network connection with the first 
network element in response to detecting failure of the second network element. However, in the same 
filed of endeavor, Colie teaches a third network element [see Backup Network Device 120 in FIG.1], 
and replacing the second network element with the third network element in the secure network 
connection with the first network element in response to detecting failure of the second network element 
[see abstract and FIG.1 - where Colie discloses transferring network services to a backup network 
device when a primary network device fails]. Therefore, it would have been obvious to a person having 
ordinary skill in the art, at the time of applicant's invention was made, to modify the system of Bahl by 
incorporating the teaching of Colie in order to prohibit network failure by replacing failed device a backup 
network device [see at least abstract of Colie]. 

As per Claim 12 , Bahl-Colie combination teaches, 

A method for maintaining secure network connections, the method comprising: configuring a 
plurality of security gateways [Access Point 156 in FIG.3 - Bahl discloses 156 as access points; see for 
example, col. 8, lines 51-61 . See also at least FIGS.3 and 4 of Coilie] such that a lookup of security 
associations is not dependent on any destination address [see for example, col.2, lines 39-45; col. 6, lines 
33-34 and col. 6, lines 44-47 of Bahl]; and sharing a security association [see Security Associations 86 
and 84 in FIG. 2; and see also IPSEC/ISKAMP SAs in FIG.3 of Bahl] among the plurality of security 
gateways [see FIGS.1 and 2; and for example, col.5, lines 16-19 - where Bahl discloses one or more 
correspondent hosts. See also Server 112a and 112b FIG.1 of Coilie]. 
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As per Claim 22 , Bahl-Colie combination teaches, 

A first security server comprising: a transceiver [see for example, col. 8, lines 51-67 - where Bahl 
disclose DHCP server] to receive information relating to at least one security association [see Security 
Associations 86 and 84 in FIG. 2; and see also IPSEC/ISKAMP SAs in FIG. 3 of Bahl] of a secure 
network connection [see secured control channel 96 in FIG. 2 of Bahl] between a mobile client [MH of 
Bahl] and a second security server [access points of Bahl]; and a processor module to: monitor operation 
of the second, security server; in response to detecting failure of the second security server [see Primary 
Network Device 110 in FIG.1 of Colie], send a message to the mobile client [see Client in FIG.1 of 
Colie] that the first security server [see Backup Network Device 120 in FIG.1 of Colie] is taking over the 
secure network connection [see abstract of Colie]; and communicate with the mobile client using the at 
least one security association over the secure network connection between the first security server and 
the mobile client [see abstract and FIGS. 2-5 - where Bahl discloses communicating between the MH and 
CH/or access points/ is based on security associations]. 

As per Claim 11 , Bahl-Colie combination teaches, 

sending at least one secure message from the third network element to the first network element 
to notify the first network element that the secure network connection will be taken over by the third 
network element [see abstract and FIG.1 of Colie]. 

As per Claim 14 , Bahl-Colie combination teaches, 

wherein a lookup of security associations is not dependent on any destination address [see 
FIGS.4A and 4B - where Bahl discloses SA end points that are not dependent on any destination 
address]. 



As per Claim 17 , Bahl-Colie combination teaches, 
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wherein communications between the mobile client and the first security server are based on a 
security architecture for the internet protocol (IPsec) [see IPSEC SAs in FIG. 3; and for example, col. col. 8, 
lines 26-50]. 

Claim 25 is rejected for the same reasons applied to the rejection of Claim 17. 
As per Claim 20 , Bahl-Colie combination teaches, 

during life of the secure network connection between the first and second network elements, the 
third network element receiving information relating to the security association of the secure network 
connection from the second network element [see FIGS.2-4B of Bahl]. 

As per Claim 21 , Bahl-Colie combination teaches, 

wherein the first network element is a mobile client [see MH in FIGS. 2 and 3 of Bahl; and Client 
in FIG.1 of Colie], and the second and third network elements are security servers [Bahl discloses 
access points and DHCP server. See also FIG.1 of Colie where network elements are disclosed as 
servers]. 

Claim 23 is rejected for the same reasons applied to the rejection of Claim 21 . 
As per Claim 24 , Bahl-Colie combination teaches, 

wherein information relating to the at least one security association is duplicated at the first and 
second security servers [see for example, col.2, lines 39-45; col. 6, lines 33-34 and col. 6, lines 44-47 of 
Bahl]. 

Response to Arguments 
4. Applicant's arguments filed 1 1/17/2009 have been fully considered but they are not persuasive. 

(Claim 10) As best understood from applicant's argument, applicant is arguing that the "new 
address" of Bahl cannot be equated with applicant's claimed "third network element '; and moreover, the 
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Bahl-Colie combination fails to disclose "replacing the second network element with the third network 
element in response to detecting the failure of the second network element." Firstly, examiner would like 
to point out that, the prior office action does indicate the "new address" of not being the "third network 
element"; however (and in contract to applicant's argument), the office action explicitly was written to 
show that Colie cures the deficiency of Bahl (by Colie disclosing "third network element as a server, which 
replaces the second element with the third network element in response to detecting failure of the second 
element"; because Colie discloses transferring network services to a backup device in response to failure 
of primary network device). Second, examiner respectfully notes that, applicant's claim language does not 
further explain what exactly the claimed "first/second, and third network elements" are; i.e., they are 
simply claimed "first, ...second, ...and third network elements". Thus, examiner asserts that the claimed 
"first/second/third network element (s)" is/are given the broadest but reasonable claim interpretation; such 
that, these elements are interpreted as being "hardware" (e.g., as server or client) or "software" or any 
network element (e.g., as 'new address'). In addition, applicant is reminded that the references fail to 
show certain features of applicant's invention, it is noted that the features upon which applicant relies (i.e., 
"third element" being a client or sever or another) are not recited in the rejected claim(s). Although the 
claims are interpreted in light of the specification, limitations from the specification are not read into the 
claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

(Claim 12) As best understood from applicant's argument, applicant seems to conclude that 
'since there is no sharing of SAs between gateways, because the security associations of the 
correspondent host and the mobile host reside in each host.' Examiner respectfully disagrees with 
applicant's rationale and notes that the correspondent and mobile nodes of Bahl share SAs (see at least 
Figs.2 and 3) in their connection; such that, the SAs are either kept same as before or changed during 
mobility (see at least 'Modify Security Filters' in Fig. 6). Therefore, examiner respectfully notes that 
applicant's argument neither Bahl nor Colie failing to mention "sharing a security association among 
plurality of security gateways" is unpersuasive. 

The last office action is repeated; and this action is made final. 
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Conclusion 

5. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth 
in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the mailing date of this final action. 

Contact Information 

6. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to AMARE TABOR whose telephone number is (571 )270-31 55. The examiner can normally 
be reached on Mon-Fri 8:00a.m. to 5:00p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Kambiz Zand can be reached on (571) 272-381 1. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative 
or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 
1000. 
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Amare Tabor 
(AU 2434) 

/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2434 



